On 01/21/2014 06:50 PM, Joseph S. Myers wrote:
> On Tue, 21 Jan 2014, Prathamesh Kulkarni wrote:
>
>> Source of these warnings are typically calls to error() and friends.
>> In C and C++ front ends there are many calls of error (errmsg).
>> errmsg is, in many cases, assigned the return value of targetm hooks
>> (targetm.invalid_return_type(), etc.). Is it correct to replace
>> error (errmsg) by error ("%s", errmsg) in these cases?
>
> No. Typically the message returned by the hook may contain no-arguments
> format specifiers such as %< and %>. Instead, to avoid such warnings you
> need to add a new function error_at_no_args (location, message) that
> accepts and processes only formats taking no arguments (and probably
> aborts if given a format that needs arguments).

And printf format strings also can contain %% and %m (the latter is a GNU
extension). That's why we cannot perform the arg -> "%s", arg
transformation unconditionally in the compiler, rendering
-Wformat-security pointless. Which is a bit disappointing.
--
Florian Weimer / Red Hat Product Security Team
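
An added illustration, not part of the thread and not GCC code: a sketch of the check that the error_at_no_args function proposed above would need, expanding only the argument-free directives named in the thread (%<, %>, %% and %m) and refusing anything else. The name render_no_args, the plain ASCII quotes, and returning -1 instead of aborting are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not GCC's implementation): expand a diagnostic
   message that may use only the argument-free directives named in the
   thread.  Returns the output length, or -1 if the message contains a
   directive that would consume an argument, ends in a lone '%', or does
   not fit in the buffer.  A real error_at_no_args would probably abort
   here, as suggested in the thread.  */
int render_no_args(char *out, size_t outsz, const char *msg)
{
    int saved_errno = errno;   /* %m must describe errno as of the call */
    size_t n = 0;

    if (outsz == 0)
        return -1;
    for (const char *p = msg; *p; p++) {
        const char *piece;
        char lit[2] = { *p, '\0' };

        if (*p != '%') {
            piece = lit;                 /* ordinary character */
        } else {
            switch (*++p) {
            case '<': piece = "'"; break;   /* opening quote (simplified) */
            case '>': piece = "'"; break;   /* closing quote (simplified) */
            case '%': piece = "%"; break;
            case 'm': piece = strerror(saved_errno); break;
            default:  return -1;  /* %s, %d, %n, or '%' at end of string */
            }
        }
        size_t len = strlen(piece);
        if (n + len >= outsz)            /* keep room for the terminator */
            return -1;
        memcpy(out + n, piece, len);
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}
```

A hook message such as "invalid use of %<void%>" is rendered with its quotes, while one that happens to contain %s or %n is rejected before any variadic argument is read.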